May 25 has come and gone; we are all very aware of the GDPR, the European Union’s new set of data privacy laws.

May 25 has come and gone; we are all very aware of the GDPR, the European Union’s new set of data privacy laws.

It might be tempting to think that because you’re in SA, these laws don’t affect you or your company, but the EU is serious about its citizens’ privacy and complacency would be a mistake.

South African organisations that fall within the ambit of the General Data Protection Regulation have a very real obligation to comply with the legislation.

The GDPR makes it a legal obligation to process personal information in a manner that does not infringe on a data subject’s privacy.

Apart from crippling sanctions for failure to do so, compliance can lead to many opportunities and EU investments for South African organisations.

If you haven’t already, it is highly recommended that you start your GDPR compliance exercise now.

The GDPR document is long and complex, consisting of 99 articles, but here are six key points to start with:

  1. The territorial scope is wide and compliance is mandatory if you process EU citizens’ data — it does not matter if you’re in South Africa or Antarctica, if you process EU data then you are subject to the GDPR.
  2. Clear, unambiguous consent is important.
  3. Data subjects must be given a clear, simply drafted privacy notice.
  4. GDPR provides for the right to be forgotten.
  5. Data subjects are entitled to have their data deleted, corrected and made available to them.
  6. Noncompliance and gross negligence can result in a fine of 4% of your global revenue.
As first published in BDLive https://www.businesslive.co.za/bd/opinion/2018-06-04-tempted-to-ignore-the-eu-privacy-laws-rather-use-this-guide-to-navigate-them/
Filter By

Must Reads

Subscribe to receive our latest articles

Follow Us

Related Posts

Imitation is the greatest form of flattery, but we don’t think so in this case.

We are aware of the phishing email that has been circulated to many people. Although we are not the firm mentioned in the phishing email you may have received, we’ve received several calls because of the similarity to our firm name so, unless you’d like to have a chat about other technology law matters, please don’t call us as we won’t be able to help. 

We know the firm in the phishing email is a genuine law firm, based in Cape Town, and we’ve alerted them to what is likely an impersonation scam.

If you’d like to learn more about phishing, click on the following link (we promise this is a legitimate link ) to watch this entertaining video we did eight years ago.